Researchers from leading mobile security company, TrustGo , have discovered a new android Trojan that infects around 500,000 android users in china.
The virus dubbed as "SMSZombie" takes advantage of a vulnerability in the China Mobile SMS Payment process to generate unauthorized payments, steal bank card numbers and money transfer receipt information. This new virus also includes some self-protection features that make it difficult to eliminate.
According to TrustGo, the malware is being spread through online forums and has been found in several packages on China’s largest mobile app marketplace, GFan. TrustGo has contacted GFan, but so far, the apps are still readily available and continue to be actively downloaded.
The SMSZombie virus has been hidden in a variety of wallpaper apps and attracts users with provocative titles and pictures. When the user sets the app as the device’s wallpaper, the app will request the user to install additional files associated with the virus. If the user agrees, the virus payload is delivered within a file called “Android System Service.”
Once installed, the virus then tries to obtain administrator privileges on the user’s device. This step cannot be canceled by the user, as the “Cancel” button only reloads the dialog box until the user eventually is forced to select “Activate” to stop the dialog box. These privileges disable users’ ability to delete the app, causing the device to return to the home screen even after choosing to uninstall the app.
Researchers says that this virus has been used to recharge online gaming accounts via the China Mobile SMS Payment system. Commonly, the victim’s account is charged a relatively low amount to escape detection.
To identify whether a device has been infected with this new and dangerous virus, users should download the TrustGo Antivirus and Mobile Security™ app. For complete instructions on how to permanently eliminate all remnants of the virus code, visit: http://www.trustgo.com/en/SMSZombie-eliminate.
The virus dubbed as "SMSZombie" takes advantage of a vulnerability in the China Mobile SMS Payment process to generate unauthorized payments, steal bank card numbers and money transfer receipt information. This new virus also includes some self-protection features that make it difficult to eliminate.
According to TrustGo, the malware is being spread through online forums and has been found in several packages on China’s largest mobile app marketplace, GFan. TrustGo has contacted GFan, but so far, the apps are still readily available and continue to be actively downloaded.
The SMSZombie virus has been hidden in a variety of wallpaper apps and attracts users with provocative titles and pictures. When the user sets the app as the device’s wallpaper, the app will request the user to install additional files associated with the virus. If the user agrees, the virus payload is delivered within a file called “Android System Service.”
Once installed, the virus then tries to obtain administrator privileges on the user’s device. This step cannot be canceled by the user, as the “Cancel” button only reloads the dialog box until the user eventually is forced to select “Activate” to stop the dialog box. These privileges disable users’ ability to delete the app, causing the device to return to the home screen even after choosing to uninstall the app.
Researchers says that this virus has been used to recharge online gaming accounts via the China Mobile SMS Payment system. Commonly, the victim’s account is charged a relatively low amount to escape detection.
To identify whether a device has been infected with this new and dangerous virus, users should download the TrustGo Antivirus and Mobile Security™ app. For complete instructions on how to permanently eliminate all remnants of the virus code, visit: http://www.trustgo.com/en/SMSZombie-eliminate.